The Turing Test gets harder

Used to be I could tell splog bait on sight. Of the thirteen blog comments in moderation a few minutes ago, ten were comments from splog sites specializing in sex, poker or some lawsuit-intensive disease.

Usually they say something like “nice post”, which works for anywhere. Sometimes they say “facebook is the best”, the source presumably being some Facebook-based scam — or so I’m guessing, because I don’t bother to check. Here’s one from somebody’s whose first name is “Join” that says “I love this. Thanks to sharing”. It’s from this site. It looks real enough, but again, I don’t have time to check. Short posts like this usually come from sploggers, so I either kill them as spam or “defer until later”, after which I kill them anyway. It seems cruel, but I’d rather be safe than sorry.

Now here’s one from somebody named Martin with an aol.com address. He says “Hello Doc! When we take it to the broader sense, it says obviously right. Though too small, but comprehensive and nice post.” That’s in response to this post here. It’s almost sensible, but … not quite right. The commenter gives this site as its URL. It looks like another digg-like thing. But when I look it up on Google, it doesn’t have much of a profile. When I see how many other pages link to it, only one result comes up. But is it a splog, or a brand new site that just doesn’t have much participation yet? This post suggests the latter. But does that mean it’s still not a scam?

I’m a generous guy, but I’m also busy. I don’t have time to waste trying to figure this crap out.

12 comments

Spam is a theft. They wish to steal from us, it started with stealing attention, to try to sell us stuff. Now it’s trying to steal Google Page Rank, and other things, to help enable outright fraud and identity theft to steal our money and possessions. You could also apply war metaphors here as well.

I think that we’re going to end up with a web that has no anonymity allowed as a result of all of this. It’s unfortunate that it’s going to take special efforts to protect whistleblowers in the future, as the options for anonymity disappear.

We’ve always needed strong identity, but have been living in a grace period as each new technology we deploy gives us a temporary advantage, and a bit of breathing room.

Another way to view it is in terms of side effects. The reason anyone wants to spam you has little to do with you, it has to do with stealing attention from your audience. It’s the “because” logic, gone horribly wrong.

If you can eliminate unintended / unwanted side effects, you can greatly reduce the problem. That’s why a lot of sites severely restrict HTML in comments, and disallow images, hyperlinks, etc. It’s all about eliminating unwanted side effects.

On a tangent: Imagine if you could run a program and strictly choose to allow side effects, (or not). You could run ANYTHING, and it wouldn’t be able to trash your system (unless you let it)… that’s something that I think CAN be done on the Operating System side of things, so there is at least some hope to preserve the security of the nodes at the edge of the internet.

I don’t want to do it (99% don’t)… but I’m going to have to write an OS which enforces hard limits on side effects… unlike Linux, Mac OS, Windows, etc. It’s going to be hard, slow and long, but there it is. I expect to be done in 10 years.

The thing is, when splogger comments are indistinguishable from those by sentient beings it doesn’t matter anyway – they’ve passed the turing test and are entitled to join the conversation (until they fail the Turing test).

Maybe I’m missing something, and if I am please set me straight, but isn’t captcha designed to keep that sort of splogging from occurring in the first place? Or can captcha not be implemented on your blog? Or is captcha too easily gamed as well?

I was getting all kinds of crazy splogging from Russia on a wiki I run for work (it was my first wiki). After putting in a captcha module, I stopped finding orphaned pages selling sex aids and office bazookas. Problem solved.

Two nights ago, Jonathan Zittrain showed how armies of low-paid workers in countries that offered no better options labor all day deciphering captchas for evil masters. Thus human components are employed in the midst of an otherwise robotic chain designed to defeat a system with a security component based on readability only by humans.

That’s why I’m the captcha. First-time comments by everybody go through moderation, which is me. If the comment looks like it came from a human without evil motives, I usually approve. Right now I have four, including the two I wrote about here, that I’ve “defered” until I make a decision at some point.

Sometimes I’ll write back to the sender and ask if they’re human. But I shouldn’t have to bother.

These splog comments remind me of horoscopes in their vagueness. If you believe in astrology, you start reading a horsocope assuming that it relates to your life. You subconsciously make links between what is written, and events in your life which the writer couldn’t possibly have known about.

If a comment is a vague as calling a post “nice”, “comprehensive” or any other adjective describing the way you wrote the post and not its actual content, there’s nothing to tell you otherwise if you’re already assuming that it relates to what you wrote.

If you read every comment on a ‘guilty until proven innocent’ basis, waiting to see something that proves the author read and understood your post, the success rate in rejecting splot bait ought to be higher.

Not only would this be at odds with our human tendency to be trusting, but would probably lead to genuine people’s comments being rejected and thus the spammers will have stolen yet more from us.

[…] in the notions of authorship. It can be argued that authorship maintains our identity as humans. Crosbie and Doc Searles may debate that synthesis of human authorship is almost upon us. Though Andrea may not […]

What I notice on all of them is that the replies are often from people who end with ‘please see my blog’ and an obvious blog that sells something. It is clear they just accessed the blog to advertise to you and never read it. Are all the people with blogs going round clicking on each others blogs just to increase ratings or what? I can’t see what good it would do as surely nobody is going to go see adverts on most of this stuff. I’ve heard of a plugin called Askimet which comes with the standard download of WordPress for the last few versions. It will help you control spam comments.

Interesting blog and yes, I’m human, honest. I have Askimet on my wordpress and it filters out alot of spam comments very well. Some are very bad. I go in an approve certain comments. I didn’t know the part that a spam comment can actually “infect” and ruin the blog. It amazes me that people put their energy into these types of activities.